Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #5

Open
wants to merge 1 commit into
base: latest
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #5

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Jul 9, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Insertion of Sensitive Information into Log File
SNYK-JS-NPMREGISTRYFETCH-575432		 Yes No Known Exploit
Commit messages
Package name: libnpmhook The new version differs by 12 commits.
  • 319d517 chore(release): 5.0.3
  • 9144427 deps: npm-registry-fetch@4.0.0
  • da135b2 chore(release): 5.0.2
  • 1a4d785 refactor(fetch): use new npm-registry-fetch features to simplify
  • eba82eb chore(release): 5.0.1
  • 72800a9 deps: bump n-r-f
  • bb63594 fix(deps): move JSONStream to prod deps
  • 4ca653c chore(release): 5.0.0
  • 46b271b feat(api): overhauled API
  • a9a6565 deps: bump devDeps
  • f8974c7 deps: bump deps
  • 283efeb misc: npm6ify pkglock

See the full diff

Package name: npm-registry-fetch The new version differs by 61 commits.
  • 62ce833 chore(release): 4.0.5
  • 43a5d84 chore: remove basic auth data from logs
  • 71ab0e7 chore(release): 4.0.4
  • fc5d94c Put default timeout back to zero
  • 2e0c446 chore(release): 4.0.3
  • d7d8c58 chore: publish as latest-v4
  • 69c2977 fix: use 30s default for timeout as per README
  • fe7b129 chore(doc): document the effect of ?write=true on caching
  • ba8b4fe fix: always bypass cache when ?write=true
  • b758555 chore(release): 4.0.2
  • e3a0186 fix: Add null check on body on 401 errors
  • ff5f990 test(check-response): Added missing tests
  • 49059f0 chore(release): 4.0.1
  • 8eae5f0 fix(deps): Add explicit dependency on safe-buffer
  • 5dbd1d7 chore(release): 4.0.0
  • 0c4f060 cacache@12.0.0, infer uid from cache folder
  • 4b62980 chore(release): 3.9.1
  • 7878bbe deps: make-fetch-happen@4.0.2
  • e064215 deps: lru-cache@5.1.1
  • 4491843 chore(release): 3.9.0
  • a91f90c feat(auth): support username:password encoded legacy _auth
  • fc0e119 chore(release): 3.8.0
  • 0600986 feat(mapJson): add support for passing in json stream mapper
  • 9eb0095 chore(release): 3.7.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot